Previous topic

SFLvaultClient object

Next topic

SFLvaultCommand object

This Page

SFLvaultClient object

This is was is called when you run sflvault connect s#1 or other sflvault ... commands.

It wraps all the functionality of querying the remote vault, decrypting and displaying the results.

class sflvault.lib.vault.SFLvaultAccess

Init obj.


Add a new customer to the database


Delete a customer from database, bringing along all it’s machines and services


Get a single customer’s data

customer_put(customer_id, data)

Put a single customer’s data back to the Vault

group_add(group_name, hidden=False)

Add a new group the database. Nothing will be added to it by default

group_add_service(group_id, service_id, symkey)

Add a service to a group.

Call servie_get() first to get the information and decrypt the symkey on your side, then call this function to store the symkey.

The server-side Vault will encrypt it for the given group.

group_add_user(group_id, user, is_admin=False, cryptgroupkey=None)

Add a user to a group. Call once to retrieve information, and a second time with cryptgroupkey to save cipher information.

The second call should give the group’s privkey, encrypted by the remote user for the user being added.

is_admin - Gives admin privileges to the user being added or not. user - User can be a username or a user_id

group_del(group_id, delete_cascade=True)

Remove a group from the vault. Only if no services are associated with it anymore.

:force_delete deletes a group even if it has services associated

group_del_service(group_id, service_id)

Remove the association between a group and a service, simply.

group_del_user(group_id, user)

Remove the association between a group and a user.

Make sure there are still ‘is_admin’ users associated with the group to be able to give access to someone else in case of need.

SFLvault will refuse to delete a user from a group if no other users are part of that group, and if the group still has some services associated with it. First, call group_del_service from the group for all services, then delete the users, and then the group.

user - can be a username or a user_id


Get a single group’s data

group_list(show_hidden=False, list_users=False)

Return a simple list of the available groups

group_put(group_id, data)

Put a single group’s data back to the Vault

machine_add(customer_id, name, fqdn, ip, location, notes)

Add a new machine to the database


Delete a machine from database, bringing on all child services.


Get a single machine’s data


Return a simple list of the machines

search(search_query, filters=None, verbose=False)

Do the search, and return the result tree.

filters - must be a dictionary with options on which to constraint

Delete a service, making sure no other child remains attached.

service_get(service_id, group_id=None)

Get a single service’s data.

group_id - return this group’s key, otherwise, use first available

service_get_tree(service_id, with_groups=False)

Get a service tree, starting with service_id

service_passwd(service_id, newsecret)

Change the passwd for a given service

service_put(service_id, data)

Put a single service’s data back to the vault’s database

show(service_id, with_groups=False)

Get the specified service ID and return the hierarchy to connect to it or to show it.

We need self.myself_id to be set for this function.


Return a simple list of the users

groups - return the list of groups for each user, or not

user_setup(username, pubkey)

Setup the user’s account