PKI

Read CA Certificate

hvac.api.secrets_engines.pki.read_ca_certificate()

import hvac
client = hvac.Client()

read_ca_certificate_response = client.secrets.pki.read_ca_certificate()
print('Current PKI CA Certificate: {}'.format(read_ca_certificate_response))

Read CA Certificate Chain

hvac.api.secrets_engines.pki.read_ca_certificate_chain()

import hvac
client = hvac.Client()

read_ca_certificate_chain_response = client.secrets.pki.read_ca_certificate_chain()
print('Current PKI CA Certificate Chain: {}'.format(read_ca_certificate_chain_response))

Read Certificate

hvac.api.secrets_engines.pki.read_certificate()

import hvac
client = hvac.Client()

read_certificate_response = client.secrets.pki.read_certificate(serial='crl')
print('Current PKI CRL: {}'.format(read_certificate_response))

List Certificates

hvac.api.secrets_engines.pki.list_certificates()

import hvac
client = hvac.Client()

list_certificate_response = client.secrets.pki.list_certificates()
print('Current certificates (serial numbers): {}'.format(list_certificate_response))

Submit CA Information

hvac.api.secrets_engines.pki.submit_ca_information()

import hvac
client = hvac.Client()

submit_ca_information_response = client.secrets.pki.submit_ca_information(
'-----BEGIN RSA PRIVATE KEY-----\n...\n-----END CERTIFICATE-----'
)

Read CRL Configuration

hvac.api.secrets_engines.pki.read_crl_configuration()

import hvac
client = hvac.Client()

read_crl_configuration_response = client.secrets.pki.read_crl_configuration()
print('CRL configuration: {}'.format(read_crl_configuration_response))

Set CRL Configuration

hvac.api.secrets_engines.pki.set_crl_configuration()

import hvac
client = hvac.Client()

set_crl_configuration_response = client.secrets.pki.set_crl_configuration(
   expiry='72h',
   disable=False
)

Read URLs

hvac.api.secrets_engines.pki.read_urls()

import hvac
client = hvac.Client()

read_urls_response = client.secrets.pki.read_urls()
print('Get PKI urls: {}'.format(read_urls_response))

Set URLs

hvac.api.secrets_engines.pki.set_urls()

import hvac
client = hvac.Client()

set_urls_response = client.secrets.pki.set_urls(
{
  'issuing_certificates': ['http://127.0.0.1:8200/v1/pki/ca'],
  'crl_distribution_points': ['http://127.0.0.1:8200/v1/pki/crl']
}
)

Read CRL

hvac.api.secrets_engines.pki.read_crl()

import hvac
client = hvac.Client()

read_crl_response = client.secrets.pki.read_crl()
print('Current CRL: {}'.format(read_crl_response))

Rotate CRLs

hvac.api.secrets_engines.pki.rotate_crl()

import hvac
client = hvac.Client()

rotate_crl_response = client.secrets.pki.rotate_crl()
print('Rotate CRL: {}'.format(rotate_crl_response))

Generate Intermediate

hvac.api.secrets_engines.pki.generate_intermediate()

import hvac
client = hvac.Client()

generate_intermediate_response = client.secrets.pki.generate_intermediate(
    type='exported',
    common_name='Vault integration tests'
)
print('Intermediate certificate: {}'.format(generate_intermediate_response))

Set Signed Intermediate

hvac.api.secrets_engines.pki.set_signed_intermediate()

import hvac
client = hvac.Client()

set_signed_intermediate_response = client.secrets.pki.set_signed_intermediate(
    '-----BEGIN CERTIFICATE...'
)

Generate Certificate

hvac.api.secrets_engines.pki.generate_certificate()

import hvac
client = hvac.Client()

generate_certificate_response = client.secrets.pki.generate_certificate(
   name='myrole',
   common_name='test.example.com'
)
print('Certificate: {}'.format(generate_certificate_response))

Revoke Certificate

hvac.api.secrets_engines.pki.revoke_certificate()

import hvac
client = hvac.Client()

revoke_certificate_response = client.secrets.pki.revoke_certificate(
   serial_number='39:dd:2e...'
)
print('Certificate: {}'.format(revoke_certificate_response))

Create/Update Role

hvac.api.secrets_engines.pki.create_or_update_role()

import hvac
client = hvac.Client()

create_or_update_role_response = client.secrets.pki.create_or_update_role(
   'mynewrole',
   {
      'ttl': '72h',
      'allow_localhost': 'false'
   }
)
print('New role: {}'.format(create_or_update_role_response))

Read Role

hvac.api.secrets_engines.pki.read_role()

import hvac
client = hvac.Client()

read_role_response = client.secrets.pki.read_role('myrole')
print('Role definition: {}'.format(read_role_response))

List Roles

hvac.api.secrets_engines.pki.list_roles()

import hvac
client = hvac.Client()

list_roles_response = client.secrets.pki.list_roles()
print('List of available roles: {}'.format(list_roles_response))

Delete Role

hvac.api.secrets_engines.pki.delete_role()

import hvac
client = hvac.Client()

delete_role_response = client.secrets.pki.delete_role('role2delete')

Generate Root

hvac.api.secrets_engines.pki.generate_root()

import hvac
client = hvac.Client()

generate_root_response = client.secrets.pki.generate_root(
   type='exported',
   common_name='New root CA'
)
print('New root CA: {}'.format(generate_root_response))

Delete Root

hvac.api.secrets_engines.pki.delete_root()

import hvac
client = hvac.Client()

delete_root_response = client.secrets.pki.delete_root()

Sign Intermediate

hvac.api.secrets_engines.pki.sign_intermediate()

import hvac
client = hvac.Client()

sign_intermediate_response = client.secrets.pki.sign_intermediate(
    csr='....',
    common_name='example.com',
)
print('Signed certificate: {}'.format(sign_intermediate_response))

Sign Self-Issued

hvac.api.secrets_engines.pki.sign_self_issued()

import hvac
client = hvac.Client()

sign_self_issued_response = client.secrets.pki.sign_self_issued(
   certificate='...'
)
print('Signed certificate: {}'.format(sign_self_issued_response))

Sign Certificate

hvac.api.secrets_engines.pki.sign_certificate()

import hvac
client = hvac.Client()

sign_certificate_response = client.secrets.pki.sign_certificate(
   name='myrole',
   csr='...',
   common_name='example.com'
)
print('Signed certificate: {}'.format(sign_certificate_response))

Sign Verbatim

hvac.api.secrets_engines.pki.sign_verbatim()

import hvac
client = hvac.Client()

sign_verbatim_response = client.secrets.pki.sign_verbatim(
   name='myrole',
   csr='...'
)
print('Signed certificate: {}'.format(sign_verbatim_response))

Tidy

hvac.api.secrets_engines.pki.tidy()

import hvac
client = hvac.Client()

tidy_response = client.secrets.pki.tidy()

Read Issuer

hvac.api.secrets_engines.pki.read_issuer()

import hvac
client = hvac.Client()

issuer_list_response = client.secrets.pki.list_issuers()

issuer_read_response = client.secrets.pki.read_issuer(issuer_list_response["keys"][0])

List Issuers

hvac.api.secrets_engines.pki.list_issuers()

import hvac
client = hvac.Client()

issuer_list_response = client.secrets.pki.list_issuers()

Update Issuer

hvac.api.secrets_engines.pki.update_issuer()

import hvac
client = hvac.Client()

issuer_list_response = client.secrets.pki.list_issuers()

issuer_update_response = client.secrets.pki.update_issuer(issuer_list_response["keys"][0],extra_params={'issuer_name':'my_new_issuer_name')

Revoke Issuer

hvac.api.secrets_engines.pki.revoke_issuer()

import hvac
client = hvac.Client()

issuer_list_response = client.secrets.pki.list_issuers()

issuer_update_response = client.secrets.pki.revoke_issuer(issuer_list_response["keys"][0])

Delete Issuer

hvac.api.secrets_engines.pki.delete_issuer()

import hvac
client = hvac.Client()

issuer_list_response = client.secrets.pki.list_issuers()

issuer_update_response = client.secrets.pki.delete_issuer(issuer_list_response["keys"][0])