Warn if insecure vault endpoint is used (#53)

adobe · Apr 23, 2021 · df2d160 · df2d160
1 parent 78f7273
commit df2d160
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/examples/secrets/default.yaml b/examples/secrets/default.yaml
@@ -0,0 +1,3 @@
+---
+secret_path_v2: "{{vault.path(/kv2_secret)}}"
+secret_key_v2: "{{vault.key(/kv2_secret/key)}}"
diff --git a/himl/simplevault.py b/himl/simplevault.py
@@ -26,7 +26,9 @@ def get_vault_client(self):
         namespace = os.getenv('VAULT_NAMESPACE')
         verify = not strtobool(os.getenv('VAULT_SKIP_VERIFY', 'false'))
 
-        logger.info("Vault using url: {}, namespace: {}, verify: {}".format(url, namespace, verify))
+        logger.info("Vault using url: {}, namespace: {}".format(url, namespace))
+        if not verify:
+            logger.warning("Using insecure vault endpoint, verify: {}".format(verify))
 
         client = hvac.Client(
             url=url,
@@ -76,7 +78,6 @@ def get_path(self, path):
 
     def get_key(self, path, key):
         secret_data = self.get_path(path)
-        print(secret_data)
         secret_key_value = secret_data[key]
 
         return secret_key_value