add script for interacting with user vault

V2arK · V2arK · commit 8205c522d0e4 · 2026-01-30T16:59:25.000-05:00
diff --git a/scripts/user_vault/README.md b/scripts/user_vault/README.md
@@ -0,0 +1,169 @@
+# User Vault Scripts
+
+Scripts for managing user vault (secrets) in CentML Platform.
+
+## Overview
+
+The CentML User Vault is a secure storage system for sensitive information that can be used across your deployments. This includes environment variables, API tokens, SSH keys, and certificates. These scripts allow you to view and manage your vault items from the command line.
+
+## Prerequisites
+
+### 1. Install the centml package
+
+From the repository root directory:
+
+```bash
+pip install -e ./
+```
+
+Or install directly from GitHub:
+
+```bash
+pip install git+https://github.com/CentML/centml-python-client.git@main
+```
+
+### 2. Authenticate with CentML
+
+Login to your CentML account:
+
+```bash
+centml login
+```
+
+This will open a browser window for authentication. Once completed, your credentials will be stored locally.
+
+## Available Scripts
+
+### get_vault_items.py
+
+Retrieves and displays all items stored in your CentML vault.
+
+#### Supported Vault Types
+
+| Type | Description | Example Use Case |
+|------|-------------|------------------|
+| `env_vars` | Environment variables | Database URLs, API endpoints |
+| `ssh_keys` | SSH keys | Git repository access |
+| `bearer_tokens` | Bearer tokens | Service authentication |
+| `access_tokens` | Access tokens | HuggingFace tokens, Weights & Biases API keys |
+| `certificates` | Certificates | TLS/SSL certificates |
+
+#### Usage
+
+Run the script from the `scripts/user_vault` directory:
+
+```bash
+cd scripts/user_vault
+python get_vault_items.py [OPTIONS]
+```
+
+#### Command Line Options
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `--type TYPE` | Filter results by vault type (see supported types above) | Show all types |
+| `--search QUERY` | Filter items by key name (case-sensitive substring match) | No filter |
+| `--show-values` | Display the actual secret values | Keys only |
+| `--help` | Show help message and exit | - |
+
+#### Examples
+
+**List all vault items (keys only):**
+
+```bash
+python get_vault_items.py
+```
+
+**List only environment variables:**
+
+```bash
+python get_vault_items.py --type env_vars
+```
+
+**List only access tokens (e.g., HuggingFace tokens):**
+
+```bash
+python get_vault_items.py --type access_tokens
+```
+
+**Search for items containing "HF" in the key name:**
+
+```bash
+python get_vault_items.py --search HF
+```
+
+**Show all items with their values:**
+
+```bash
+python get_vault_items.py --show-values
+```
+
+**Combine multiple options:**
+
+```bash
+python get_vault_items.py --type env_vars --show-values --search DATABASE
+```
+
+#### Example Output
+
+Without `--show-values`:
+
+```
+Found 5 vault item(s)
+
+==================================================
+Type: access_tokens (2 item(s))
+==================================================
+  HF_TOKEN
+  WANDB_API_KEY
+
+==================================================
+Type: env_vars (3 item(s))
+==================================================
+  API_KEY
+  DATABASE_URL
+  MY_SECRET
+```
+
+With `--show-values`:
+
+```
+Found 5 vault item(s)
+
+==================================================
+Type: access_tokens (2 item(s))
+==================================================
+  HF_TOKEN: hf_xxxxxxxxxxxxxxxxxxxx
+  WANDB_API_KEY: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+==================================================
+Type: env_vars (3 item(s))
+==================================================
+  API_KEY: sk-xxxxxxxxxxxxxxxx
+  DATABASE_URL: postgresql://user:pass@host:5432/db
+  MY_SECRET: my-secret-value
+```
+
+## Troubleshooting
+
+### Authentication Error
+
+If you see an authentication error, try logging in again:
+
+```bash
+centml login
+```
+
+### Module Not Found
+
+If you see `ModuleNotFoundError`, ensure you have installed the centml package:
+
+```bash
+pip install -e ./
+```
+
+### No Items Found
+
+If the script returns "No vault items found", verify that:
+1. You are logged into the correct CentML account
+2. You have created vault items in the CentML web UI or via API
diff --git a/scripts/user_vault/get_vault_items.py b/scripts/user_vault/get_vault_items.py
@@ -0,0 +1,111 @@
+#!/usr/bin/env python3
+"""
+Script to retrieve all items from a user's vault (secrets).
+
+This script allows you to view all secrets stored in your CentML vault,
+including environment variables, SSH keys, bearer tokens, access tokens,
+and certificates.
+"""
+
+from typing import Optional
+
+import click
+
+from centml.sdk.api import get_centml_client
+from platform_api_python_client import UserVaultType
+
+
+def get_vault_items(
+    vault_type: Optional[UserVaultType] = None,
+    search_query: Optional[str] = None,
+):
+    """Retrieve items from user's vault."""
+    with get_centml_client() as client:
+        response = client._api.get_all_user_vault_items_endpoint_user_vault_get(
+            type=vault_type,
+            search_query=search_query,
+        )
+        return response.results
+
+
+def display_vault_items(items, show_values: bool = False):
+    """Display vault items grouped by type."""
+    if not items:
+        click.echo("No vault items found.")
+        return
+
+    # Group items by type
+    grouped = {}
+    for item in items:
+        vault_type = item.type
+        if vault_type not in grouped:
+            grouped[vault_type] = []
+        grouped[vault_type].append(item)
+
+    click.echo(f"\nFound {len(items)} vault item(s)\n")
+
+    for vault_type, type_items in sorted(grouped.items(), key=lambda x: x[0]):
+        click.echo(f"{'='*50}")
+        click.echo(f"Type: {vault_type} ({len(type_items)} item(s))")
+        click.echo(f"{'='*50}")
+
+        for item in sorted(type_items, key=lambda x: x.key):
+            if show_values and item.value is not None:
+                click.echo(f"  {item.key}: {item.value}")
+            else:
+                click.echo(f"  {item.key}")
+
+        click.echo("")
+
+
+@click.command()
+@click.option(
+    "--type",
+    "vault_type",
+    type=click.Choice([t.value for t in UserVaultType], case_sensitive=False),
+    help="Filter by vault type (env_vars, ssh_keys, bearer_tokens, access_tokens, certificates)",
+)
+@click.option(
+    "--search",
+    "search_query",
+    type=str,
+    help="Search query to filter items by key",
+)
+@click.option(
+    "--show-values",
+    is_flag=True,
+    default=False,
+    help="Show vault item values",
+)
+def main(vault_type: Optional[str], search_query: Optional[str], show_values: bool):
+    """Retrieve all items from user's vault (secrets).
+
+    This script uses the centml CLI authentication,
+    so make sure you are logged in to centml CLI before running this script.
+
+    \b
+    Examples:
+        # Get all vault items
+        python get_vault_items.py
+
+        # Get only environment variables
+        python get_vault_items.py --type env_vars
+
+        # Search for items containing 'HF'
+        python get_vault_items.py --search HF
+
+        # Show values
+        python get_vault_items.py --show-values
+    """
+    type_enum = UserVaultType(vault_type) if vault_type else None
+
+    items = get_vault_items(
+        vault_type=type_enum,
+        search_query=search_query,
+    )
+
+    display_vault_items(items, show_values=show_values)
+
+
+if __name__ == "__main__":
+    main()
